Bit generator for determining a secret encryption key and corresponding process

ABSTRACT

Bit generator for determining a secret encryption key and a corresponding process, the generator having a memory with one memorization cell and measurement and reference bits, and a calculation device connected to the memory, such that a bit applied at an input of the bit generator makes another bit appear at an output thereof. Such a generator is applicable to cryptographic systems and methods.

TECHNICAL FIELD

This invention relates to a bit generator for determining a secret encryption key and a corresponding process. Its applications include transmission of secret information. More particularly, it can replace quantum cryptology.

STATE OF PRIOR ART

Mathematicians have always searched for protected communication techniques for transmitting secret information. The principle based on the specific features of quantum mechanics to generate random encoding keys was proposed in the 1970s by Stephen Wiesner [1]. Charles E. Bennett et al. contributed to demonstrating the feasibility of the concept [2].

Quantum cryptology is based on the fact that the quantum mechanics measurement is a random and irreversible phenomenon that irrecoverably disturbs the measured object. Thus, interception of the message by a third party will inevitably modify the quantum state of the object so that illegal eavesdropping can be detected, or conversely it is possible to be assured that the message has not been intercepted. In this case, keys that could be used to encode messages later can be transmitted being certain that the key is unique and has been actually kept secret.

The principle used to transmit a decryption key is then as follows.

An operator A (conventionally called Alice in the cryptology specialists' language) sends a series of particles with a certain spin, or photons with a certain polarization, to a destination B (conventionally called Bob). Alice has two orthogonal spin measurement reference systems that are denoted a and b. When measured according to reference system a, the spin of a particle is +1 or −1 (in a suitable system of units). If the spin of the same particle is measured for a second time in the same reference system, in this case a, obviously the same value will be found. But if the said spin is measured in the other reference system b, then a random value +1 or −1 will be found independently of the value found in the first measurement.

In a series of successive operations, Alice chooses a series of reference systems a or b at random. She measures the spin of a new particle in each reference system and sends it to Bob. She notes her choices and the results of her measurements. In turn, Bob chooses a series of reference systems a or b at random, and uses these reference systems to successively measure the spins of the particles that Alice sends to him. He also notes his choices and his results. Obviously, if Bob chose the same reference system as Alice (by chance) which on average would happen in half of all cases, he would find the same result as she did. However if he chose the other reference system, he would obtain a random result compared with the spin measured by Alice. Therefore, if Alice and Bob exchange their choices of reference systems a or b for each particle in a second step, they deduce which were the common choices and which were the series of the +1 or −1 measured spins that they have in common. This series of common spins forms the secret key that they can share.

For security reasons, they can inform each other of part of this key; if this part is actually common, then the message has not been intercepted. Otherwise, they must begin the operation again until they obtain a secret and tested common key.

This technique for determining an encryption key is difficult to use since it requires lasers that emit photons individually, with a particular polarization. The purpose of this invention is to overcome this disadvantage.

DESCRIPTION OF THE INVENTION

Consequently, the invention proposes a device called a bit generator which simulates quantum means according to prior art in a specific manner but uses means that are much easier to implement, such as binary data memories and calculation circuits. This device then no longer works with spins or quantum states, but rather with bits and memory contents which is much more convenient.

According to the invention, one or more memory cells may be used, for example with two bits, with a first bit called the reference system bit, the value of which is denoted a or b (in the case of an environment with two reference systems) and a second bit called the measurement bit denoted +1 or −1. This type of cell may be in one of four logical states, namely (a, +1) or (a, −1) or (b, +1) or (b, −1). The initial state is generated randomly inside the circuit defined by the invention. In order to measure the state of a cell, a reference system bit is applied to it, in other words a or b, and a logical transition of the initial state to a final state is provoked, which is a random type of transition with a certain probability depending on the initial state and the final state and the applied reference system bit. The final state reflects the result of the measurement in the applied reference system.

Therefore, this type of generator has all the attributes of quantum objects and it can be used to determine secret encryption keys.

Naturally, the invention is not restricted to a single cell, or to two bits per cell, but covers all cases of n cells with k bits, where n and k are arbitrary integers.

More precisely, the purpose of this invention is a bit generator for determining a secret encryption key, characterized in that it is composed of an electronic circuit comprising:

an input to which an input signal can be applied comprising a group of n bits, called reference system bits, where n is an integer equal to at least 1,

an output on which an output signal can be produced composed of a group of n bits, called the measurement bits,

a memory with n memorization cells each memorizing k bits, where k is an integer equal to at least 2, with reference system bits and measurement bits, each cell thus being in a logical state defined by its k bits, this state not being readable from outside the electronic circuit, this memory being provided with an output connected to the output from the generator and outputting measurement bits from the n cells,

a calculation means connected to the memory and with one control input connected to the generator input and into which reference system bits are input, this calculation means being capable of provoking a random transition for each cell between the state of the cell called the initial state read on reception of the reference system bit corresponding to the cell, and another state called the final state, the probability of this transition depending on the initial state, the received reference system bit and pre-determined probability equations defined in the calculation means.

Another purpose of this invention is a process for determining a secret encryption key common to a first user and a second user, this process using the generator described above. This process is characterized in that:

the first user applies a first group of random input bits to the generator input, and collects a first group of output bits at the output from the generator, and then sends the generator to the second user,

the second user applies a second group of random input bits to the input of this generator and collects a second group of output bits at the output from the generator,

the first user transmits the first group of input bits in plain text to the second user, and the second user transmits the second group of input bits that he used to the first user, in plain text,

the first and the second users identify the input bits common to the first and the second group of input bits and determine the bits corresponding to the common input bits in the first and in the second group of output bits,

the first and second users use at least part of the output bits corresponding to the common input bits as the common secret encryption key.

Preferably, the first and second users check the output bits corresponding to the common input bits to make sure that the bits in the first group and in the second group are actually identical, and use the remaining bits to build up their common secret key.

BRIEF DESCRIPTION OF THE FIGURES

FIG. 1 is a block diagram of a simplified generator according to the invention for a single cell with two bits;

FIG. 2 is a block diagram of a variant with six inputs and four outputs.

DESCRIPTION OF PARTICULAR EMBODIMENTS

In the following description, it is assumed that each memorization cell only contains two bits in order to simplify the description. But it is obvious that the invention is not limited to this special case.

FIG. 1 shows a generator G with one input E and one output S comprising a memory 10 with a single memorization cell. This cell comprises two areas, one B_r that will be used to memorize a reference system bit denoted a or b (in practice it would be +1 or −1, or 1 or 0), and the other B_m will be used to memorize a measurement bit. The memory 10 is provided with a read output 12 and a write input 14. It also has an output s connected to the general output S of the generator. The generator shown also comprises a calculation means 16 connected to the read output 12 and to the write input 14 of the memory. It has a control input e connected to the general input E of the generator.

This generator operates as follows. Initially, it is in an internal state 0 defined by the two bits memorized in the memory (for example a and +1). If a bit is applied to the input E to measure this state, the result of the measurement will depend on the value of the input bit considered as being the reference system bit. If this bit is the same as the reference system bit for the internal state 0 (therefore for the chosen assumption it will be a), the calculation means 16 will initiate a transition making the final state identical to the initial state (in the event (a, +1)). The bit appearing on the output S of the generator will then be the measurement bit for the final state, which will be the same as the measurement bit for the initial state. Therefore, the initial bit will have been correctly measured without disturbing it. It can also be said that the probability of a transition between the initial state (a, −1) and the final state (a, +1) is equal to 1 (consequently, the probability of a transition between the (a, +1) state and the (a, −1) state is zero).

If a reference system bit different from the reference system bit for the state of the cell (in the event b) is applied to the input E, then the measurement reference system will be different from the reference system used to determine the initial state. In this case the result of the measurement is random and depends on the probabilities of a transition between firstly the initial state (a, +1), and secondly either of the (b, +1) and (b, −1) final states. If none of these possible values is given preference, the probabilities will each be equal to ½. Therefore, the measurement bit obtained can equally well be +1 as −1.

This example can be summarized in table I, in which the top row contains the four possible initial states, the left column contains the four possible final states and the associated boxes contain the transition probabilities.

TABLE I

            (a, +1)   (a, −1)   (b, +1)   (b, −1)
(a, +1)        1         0         ½         ½
(a, −1)        0         1         ½         ½
(b, +1)        ½         ½         1         0
(b, −1)        ½         ½         0         1

Naturally, the probabilities of transitions corresponding to different reference system bits could be varied without going outside the framework of the invention.

In practice, an encryption key contains several bits and the memory must contain several cells working independently.

Thus, FIG. 2 illustrates the case of a generator using a memory with six memorization cells referenced 10₁, 10₂, ..., 10₆. The calculation means 16 comprises six elementary means 16₁, 16₂, ..., 16₆. The generator comprises six inputs E₁, E₂, ..., E₆ and six outputs S₁, S₂, ..., S₆, on which there are groups of six bits.

FIG. 2 shows the inputs and outputs laid out in parallel, but a single input and a single output with bits input and output in series and distributed appropriately in the circuit could be used, without going outside the framework of the invention.

Each of the six channels operates like the generator in FIG. 1, these six channels being independent of each other.

Table II illustrates operation of this generator and at the same time shows how two users, Alice and Bob, can set up a common secret encryption key.

TABLE II

                            Cell 10₁   Cell 10₂   Cell 10₃   Cell 10₄   Cell 10₅   Cell 10₆
Internal state 0            (a, 1)     (b, −1)    (b, 1)     (b, −1)    (a, 1)     (a, −1)
Alice's reference system    a          a          b          a          b          b
Internal state 1            (a, 1)     (a, −1)    (b, 1)     (a, 1)     (b, −1)    (b, 1)
Alice's measurement         1          −1         1          1          −1         1
Bob's reference system      b          a          b          b          b          a
Internal state 2            (b, 1)     (a, −1)    (b, 1)     (b, −1)    (b, −1)    (a, 1)
Bob's measurement           1          −1         1          −1         −1         1
Common key                             −1         1                     −1

In this table, the initial internal state is given on the first row. Alice applies six reference system bits to the generator (row 2). The internal state then changes to state 1 according to the transition probability rules already described. The internal state 1 is shown on row 3. Alice receives the six bits on row 4 as the result of her measurement. The new internal state is consistent with Alice's choice and measurement. Bob received the generator from Alice in its internal state 1 (which is then used as the initial state), and applies six reference system bits to it (row 5). There is no reason why these bits should be the same as the bits used by Alice, but statistically they are the same once out of every two times, in other words in this case, three times (the bits applied to cells 10₂, 10₃, 10₅). The internal state is affected by a transition resulting in the internal state 2 shown on row 6. The result of the measurement made by Bob is shown on row 7. Bob leaves the generator in the internal state 2.

Alice and Bob then exchange the reference system bits used in plain text by any means (rows 2 and 5). They observe that the bits were the same for cells 10₂, 10₃ and 10₅. They alone know the result of the measurement obtained for these common bits, namely −1, 1 and −1. They can use these bits to create the common secret key.

If a fraudulent third party intercepted the card, he would be able to apply his own reference system bit and obtain a result, but once out of every two times the reference system bit would not have been the same as the reference system bit according to the initial state such that this fraudulent measurement would have disturbed the state of the generator. Alice and Bob would realize this by comparing one of these common bits. Naturally, these test bits will be unusable subsequently for the secret key. In the previous example, Alice and Bob can compare the first bit (1) and use the other two bits (+1 and −1) for their common key.
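The exchange of Table II and the interception check described above can be simulated in software. The following is an added example, not part of the patent text: the class and function names are hypothetical, the transition rule is that of Table I, and a seeded PRNG stands in for the generator's internal randomness so that runs are repeatable.

```python
import random

REFS = ("a", "b")

class BitGenerator:
    """Simulated generator: n cells, each holding (reference bit, measurement bit)."""

    def __init__(self, n, rng):
        self._rng = rng  # stand-in for the device's internal random source
        # The initial state is drawn inside the device and never exposed.
        self._cells = [(rng.choice(REFS), rng.choice((+1, -1))) for _ in range(n)]

    def measure(self, refs):
        """Apply one reference bit per cell; return the n measurement bits."""
        out = []
        for i, ref in enumerate(refs):
            cell_ref, bit = self._cells[i]
            if ref != cell_ref:
                # Different reference system: +1 or -1 with probability 1/2 each.
                bit = self._rng.choice((+1, -1))
            # Same reference system: state unchanged (probability 1).
            self._cells[i] = (ref, bit)
            out.append(bit)
        return out

def random_refs(n, rng):
    return [rng.choice(REFS) for _ in range(n)]

def sift(refs_1, bits_1, refs_2, bits_2):
    """Keep output bits where both users applied the same reference bit."""
    common = [i for i, (x, y) in enumerate(zip(refs_1, refs_2)) if x == y]
    return [bits_1[i] for i in common], [bits_2[i] for i in common]

def run_exchange(n, rng, intercepted=False):
    """One pass of the generator from Alice to Bob; returns both sifted lists."""
    gen = BitGenerator(n, rng)
    alice_refs = random_refs(n, rng)
    alice_bits = gen.measure(alice_refs)
    if intercepted:
        gen.measure(random_refs(n, rng))  # third party measures in transit
    bob_refs = random_refs(n, rng)
    bob_bits = gen.measure(bob_refs)
    return sift(alice_refs, alice_bits, bob_refs, bob_bits)

def mismatch_rate(n, seed, intercepted):
    """Fraction of sifted positions where Alice's and Bob's bits differ."""
    a, b = run_exchange(n, random.Random(seed), intercepted)
    return sum(x != y for x, y in zip(a, b)) / len(a)

if __name__ == "__main__":
    print("clean      :", mismatch_rate(4000, 1, False))
    print("intercepted:", mismatch_rate(4000, 1, True))
```

Without interception the sifted bits always agree. With one intervening measurement, about a quarter of the sifted positions differ: half the time the third party picks the other reference system, and Bob's result then matches Alice's only half the time.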

The generator that has just been described may advantageously be placed in an easy to carry portable object, for example a smart card. In this case, it may be sent from Alice to Bob by ordinary mail or registered letter. It is important to note that the smart card forms a tamper-proof sealed object, the contents of which cannot be fraudulently read without destroying the card itself.

But obviously, the generator according to the invention may also be built into more complex transmission circuits.

References:

[1] Wiesner, S., Conjugate Coding, SIGACT News, vol. 15, No. 1, 1983, pp. 78-88; original handwritten document 1970.

[2] Bennett, C. H., Bessette, F., Brassard, G., Salvail, L. and Smolin, J., Experimental quantum cryptography, Journal of Cryptology, vol. 5, No. 1, 1992, pp. 3-28.

What is claimed is:
 1. A bit generator composed of an electronic circuit comprising: an input to which an input signal is applied comprising a group of n reference system bits, where n is an integer equal to at least 1, an output on which an output signal is produced composed of a group of n measurement bits, a memory with n memorization cells each memorizing k bits, where k is an integer equal to at least 2, with reference system bits and measurement bits, each cell thus being in a logical state defined by its k bits, this state not being readable from outside the electronic circuit, this memory being connected to the output (S) of the generator and outputting measurement bits from the n cells, calculation means for provoking a transition for each cell in said memory, said calculation means being connected to said memory and having a control input connected to said input of said bit generator into which reference system bits are input, wherein said calculation means is configured to provoke a random transition for each cell between an initial state read on reception of the reference system bit corresponding to the cell and a final state, the probability of this transition depending on the initial state, the received reference system bit and pre-determined probability equations defined in the calculation means, said bit generator is configured to generate a secret encryption key, and said bit generator is configured to decipher a received secret encryption key.
 2. The bit generator according to claim 1, wherein the probability of transition between the initial state and the final state identical to the initial state is equal to 1 when the reference system bit in the input signal is identical to the reference system bit in the initial state.
 3. The bit generator according to claim 1, in which the probability of transition between the initial state with a given reference system bit and the final state with a reference system bit different from the reference system bit for the initial state is equal to ½.
 4. The bit generator according to any one of claims 1 to 3, in which the electronic circuit is placed in a portable object.
 5. The bit generator according to claim 4, in which the portable object is the size of a smart card.
 6. The bit generator according to claim 1, in which the input and the output may receive and output groups of bits in parallel.
 7. Process for determining the secret encryption key common to a first user and a second user, this process using the bit generator according to claim 1, wherein: the first user applies a first group of random input bits to the generator input, and collects a first group of output bits at the output from the generator, and then sends the output from the generator to the second user, the second user applies a second group of random input bits to the input of the generator and collects a second group of output bits at the output from the generator, the first user transmits the first group of input bits in plain text to the second user, and the second user transmits the second group of input bits to the first user, in plain text, the first and the second users identify the input bits common to the first and the second group of input bits and determine the bits corresponding to the common input bits in the first and in the second group of output bits, the first and second users use at least part of the output bits corresponding to the common input bits as the common secret encryption key.
 8. The process according to claim 7, in which the first and second users check the output bits corresponding to the common input bits to make sure that the bits in the first group and in the second group are actually identical, and use the remaining bits to build up their common secret key.